CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1633 – chromium-browser: use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-1633
06 Mar 2016 — Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1635 – chromium-browser: use-after-free in Blink
https://notcve.org/view.php?id=CVE-2016-1635
06 Mar 2016 — extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. extensions/renderer/render_frame_observer_natives.cc en Google Chrome en versiones anteriores a 49.0.2623.75 no considera adecuadamente la vida del objeto y los problemas de ... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1642 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1642
06 Mar 2016 — Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 49.0.2623.75 permiten a atacantes provocar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1641 – chromium-browser: use-after-free in Favicon
https://notcve.org/view.php?id=CVE-2016-1641
06 Mar 2016 — Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an image download after a certain data structure is deleted, as demonstrated by a favicon.ico download. Vulnerabilidad de uso después de liberación de memoria en content/browser/web_contents/web_contents_impl.cc en Google Chrome en versiones anteriores a 49.0.2623.75 permite a atacan... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-1632 – chromium-browser: bad cast in Extensions
https://notcve.org/view.php?id=CVE-2016-1632
06 Mar 2016 — The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h. El subsistema Extensions en Google Chrome en versiones anteriores a 49.0.2623.75 no mantiene adecuadamente sus propias propiedades, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso... • http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2016-1629 – chromium-browser: same-origin bypass in Blink and Sandbox escape in Chrome
https://notcve.org/view.php?id=CVE-2016-1629
21 Feb 2016 — Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. Google Chrome en versiones anteriores a 48.0.2564.116 permite a atacantes remotos eludir la Blink Same Origin Policy y el mecanismo de protección sandbox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_18.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 25%CPEs: 2EXPL: 0CVE-2016-1628 – Google Chrome Pdfium JPEG2000 Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1628
18 Feb 2016 — pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted JPEG 2000 image in a PDF document, related to the opj_pi_next_rpcl, opj_pi_next_pcrl, and opj_pi_next_cprl functions. pi.c en OpenJPEG, como se utiliza en PDFium en Google Chrome en versiones anteriores a 48.0.2564.109, no valida cierto valor precision, lo que permite a a... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1623 – chromium-browser: same-origin bypass in DOM
https://notcve.org/view.php?id=CVE-2016-1623
14 Feb 2016 — The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. La implementación DOM en Google Chrome en versiones anteriores a 48.0.2564.109 no restringe adecuadamente que las operaciones frame-attach ocurran durante o desp... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1625 – chromium-browser: navigation bypass in Chrome Instant
https://notcve.org/view.php?id=CVE-2016-1625
14 Feb 2016 — The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. La funcionalidad Chrome Instant en Google Chrome en versiones anteriores a 48.0.2564.109 no asegura que un destino de navegación New Tab Page (NTP) se encuentre en las listas de más visitados o sugere... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1627 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1627
14 Feb 2016 — The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. El subsistema Developer Tools (también conocido como DevTools) en Google Chrome en versiones anteriores a ... • http://googlechromereleases.blogspot.com/2016/02/stable-channel-update_9.html • CWE-264: Permissions, Privileges, and Access Controls •